Authorities are investigating a massive data breach at Uber
The hack affected more than 57 million people, but Uber's new CEO has come clean about it
UK authorities have launched an investigation into the massive data breach that Uber has now revealed it suffered in October 2016 but did not announce at the time.
The hack affected more than 57 million customers and drivers. Uber says that it paid the hackers in the region of £75,000 to delete the stolen data.
Widespread reports indicate that the firm's former CEO, Travis Kalanick, learnt about the breach over a year ago.
The Information Commissioner's Office has launched a probe of the incident, which it says raises "huge concerns around its data protection policies and ethics."
In a statement, the ICO said:
"It's always the company's responsibility to identify when UK citizens have been affected as part of a data breach and take steps to reduce any harm to consumers. If UK citizens were affected then we should have been notified so that we could assess and verify the impact on people whose data was exposed.
"We'll be working with the NCSC plus other relevant authorities in the UK and overseas to determine the scale of the breach, how it has affected people in the UK and what steps need to be taken by the firm to ensure it fully complies with its data protection obligations.
"Deliberately concealing breaches from regulators and citizens could attract higher fines for companies."
According to a post on Uber's website: "Rider information included the names, email addresses and mobile phone numbers related to accounts globally. Our outside forensics experts have not seen any indication that trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth were downloaded."
Uber also states that affected individuals need take no special action as a result of the breach; however, V3 would advise paying careful attention to credit card and other forms of financial transaction over the next few months.
Commenting on the breach, Rik Ferguson, Vice President Security Research at Trend Micro said:
"There is no question that the previous management and security team at Uber failed in their responsibility to their drivers, to regulators, to justice and above all to their customers, and that's a pretty long list.
"However certain those responsible may have been that their attackers had been silenced, digital theft does not work the same way as in the physical world; you can never 'buy back the negatives' once data has been stolen.
"It is heartening to see the new management team come clean about the breach, but I remain concerned at some of the wording in Mr. Khosrowshahi's blog. He appears to distance Uber's 'corporate systems and infrastructure' from the 'third-party cloud-based service' that was the target of the breach. This is perhaps indicative of the root of the problem. Cloud services adopted by a business are corporate systems and infrastructure and from a security perspective should be treated as such."
Sam Curry, Chief Security Officer for Cybereason, criticised Uber for paying to cover up the breach.
"Who watches the watchers? The truly scary thing here is that Uber paid a bribe, according to news reports, essentially a ransom to make this breach go away and they acted as if they were above the law. Those people responsible for the integrity and confidentiality of the data in fact covered it up.
"To all outward appearances, the new CEO and management team are doing the right thing and making the difficult choices. However, difficult consequences still have to follow. And above all, this is a wake-up call to the industry that CSOs have a responsibility not just to the companies that they work for, but the people whose data is affected.
"In other words, Joe Sullivan and crew should have acted in the interest of the public good and public safety and made these tough choices far, far sooner. It's time not to let another Equifax, Deloitte, etc. happen and to leave no grey area to security officers as to what the right thing to do is."
The recent Equifax breach is now being investigated by both the ICO and FCA.